Merrill Email Error Exposes Walmart Pension Plan Members' Data

A Merrill employee's email mistake exposed the personal information of 1,883 Walmart 401(k) Retirement Plan participants, including names, surnames, and Social Security numbers. The error, which occurred on April 16, was discovered six days later, and the email has since been deleted. Merrill, a division of Bank of America, is offering two years of complimentary identity theft protection services to those affected and advises them to monitor their credit reports and account statements for any unauthorized transactions. This incident marks the second data exposure affecting Walmart employees this year.

Israel Fears Russia May Share Advanced Cyber Capabilities with Iran

Israel's security establishment is alarmed by the deepening relationship between Iran and Russia, particularly the potential transfer of advanced cyber capabilities from Russia to Iran. Since October 7, Israel has seen a significant increase (2.5 to 3-fold) in major cyber attacks, targeting critical infrastructure such as healthcare, academia, and service entities. While current attacks are using known vulnerabilities, Israel is preparing for potential future attacks using sophisticated Russian cyber warfare capabilities. The concern is future-oriented, as thousands of attacks have been carried out against Israeli targets, with around 1,000 aimed at significant entities.

Google Patches Fourth Zero-Day Vulnerability in a Month

Google has released an update to patch a high-severity security flaw (CVE-2024-5274) in the Chrome browser, which is actively being exploited by malicious actors. The vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine, allowing threat actors to modify variables and potentially execute arbitrary code or bypass access controls. This is the fourth zero-day vulnerability Google has patched this month, following CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671. Users are advised to upgrade to Chrome version 125.0.6422.112/.113 (Windows and macOS) or 125.0.6422.112 (Linux). Chromium-based users should apply fixes as they become available.

London Drugs Refuses $25M Ransom Demand After Ransomware Attack

Canadian pharmacy chain London Drugs has confirmed a ransomware attack, which resulted in the theft of corporate files containing employee information. The attackers, identified as LockBit, are demanding a $25 million ransom by Thursday, threatening to leak the stolen data if the demand is not met. London Drugs has stated that it is "unwilling and unable to pay ransom to these cybercriminals." The company has notified current employees and is offering two years of free credit monitoring and identity-theft protection. The investigation is ongoing, and London Drugs will contact employees directly if their personal information was compromised. This incident comes after law enforcement disrupted LockBit's infrastructure, leading to a decrease in attacks.